Module org.refcodes.security.ext.spring

Package org.refcodes.security.ext.spring

Class TextDecrypterBean

java.lang.Object

org.refcodes.security.ext.spring.TextDecrypterBean

All Implemented Interfaces:

org.springframework.beans.factory.FactoryBean<String>

public class TextDecrypterBean
extends Object
implements org.springframework.beans.factory.FactoryBean<String>

The sole purpose of the bean is not to store any passwords in clear text in a text file. It decrypts any encrypted passwords with a hard coded secret (which is depended on the current application and the host this application is processed on and may be acquired by accessing and manipulating alongside executing the application on the host or heuristically simulating the application with metrics gathered from the host). This means that any hacker having access to the host and decompiling the code will be able to gain knowledge on how to create plain text from the encrypted passwords in a configuration file. Additional measures have to be undertaken in order to restrict access to the program codes or configuration files by any intruder. The password itself is stored as a byte array, so it is not stored as clear text in the class files neither. Any further obfuscation has not been approached as in the end it will not provide any further security due to the fact that the password must be accessible somehow and automatically be decryptable by program code.

ATTENTION: This bean just provides support for not storing any passwords in clear text!

Field Summary

Fields inherited from interface org.springframework.beans.factory.FactoryBean

OBJECT_TYPE_ATTRIBUTE

Constructor Summary

Constructors

Constructor	Description
TextDecrypterBean()

Method Summary

Modifier and Type	Method	Description
String	getObject()
Class<?>	getObjectType()
boolean	isSingleton()
void	setEncryptedText(String aEncryptedText)	Sets the encrypted string to be decrypted and passed the the consuming bean.
static String	toEncryptedText(String aText)	Helper method to encrypt a string which can be used in a configuration file.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

TextDecrypterBean

public TextDecrypterBean()

Method Details

setEncryptedText

public void setEncryptedText(String aEncryptedText)

Sets the encrypted string to be decrypted and passed the the consuming bean.

Parameters:

aEncryptedText - the encrypted string to be decrypted.

getObject

public String getObject()

Specified by:

getObject in interface org.springframework.beans.factory.FactoryBean<String>

getObjectType

public Class<?> getObjectType()

Specified by:

getObjectType in interface org.springframework.beans.factory.FactoryBean<String>

isSingleton

public boolean isSingleton()

Specified by:

isSingleton in interface org.springframework.beans.factory.FactoryBean<String>

toEncryptedText

public static String toEncryptedText(String aText)

Helper method to encrypt a string which can be used in a configuration file.

Parameters:

aText - the text string to be encrypted.

Returns:

the string